cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1

Analysis

max time kernel
151s
max time network
145s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/06/2024, 06:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
Size

94KB
MD5

8de9d68ccec7d784b954ac629211f14a
SHA1

3b874fd8f44bd6b3024b125704b3003b11ce9517
SHA256

cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1
SHA512

63dc1b0ea490dca44ad7135587abf4516498f0ba249a95814a11894b6a4515ab015c89a69e34b683b1a2baab51220d1803998947ae89b9e0f895cfed6a110d5b
SSDEEP

1536:W7ZrpApojOPG0PGQJwFJwkpe+eTDPfFpsJOfFpsJCAdCjHKPN0U6PG0PGb:6rWpcOPxPke+e3fFpsJOfFpsJbgEmPxU

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (929) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-core-file-l1-2-0.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Threading.Tasks.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\fr\WindowsFormsIntegration.resources.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-convert-l1-1-0.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\msdasqlr.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Transactions.Local.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.TypeConverter.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\WindowsFormsIntegration.resources.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ru\System.Xaml.resources.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Windows.Controls.Ribbon.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.kk-kz.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\msadc\msdaprsr.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Runtime.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Primitives.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Runtime.Serialization.Json.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipssrb.xml.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\ado\adovbs.inc.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcor.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-locale-l1-1-0.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.ComponentModel.Annotations.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Net.ServicePoint.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Security.SecureString.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-conio-l1-1-0.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\fsdefinitions\keypad.xml.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\7-Zip\Lang\sa.txt.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\msadc\de-DE\msdaremr.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.IO.Compression.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\7-Zip\Lang\id.txt.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\7-Zip\Lang\nl.txt.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\Ole DB\en-US\sqlxmlx.rll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\System.Xaml.resources.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\ClientEventLogMessages.man.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\he-IL\tipresx.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Metadata.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Drawing.Primitives.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Linq.Expressions.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\msadc\fr-FR\msadcer.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\msadc\msadce.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Net.WebProxy.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Resources.ResourceManager.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-runtime-l1-1-0.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\nb-NO\tipresx.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\api-ms-win-crt-process-l1-1-0.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Reflection.Emit.ILGeneration.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\en-US\TipRes.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ipscsy.xml.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\msquic.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\de\WindowsBase.resources.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\pt-BR\UIAutomationTypes.resources.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\7-Zip\Lang\fi.txt.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\de-DE\tipresx.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Numerics.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\6.0.25\System.Reflection.Primitives.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.NETCore.App\8.0.0\System.Web.HttpUtility.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\7-Zip\Lang\mk.txt.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\C2RINTL.sv-se.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\ado\msado60.tlb.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\System\Ole DB\de-DE\sqloledb.rll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ko\UIAutomationTypes.resources.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\ReachFramework.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App\6.0.25\System.Security.Cryptography.Pkcs.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ClickToRun\api-ms-win-crt-string-l1-1-0.dll.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ja-JP\TipRes.dll.mui.tmp	cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe

C:\Users\Admin\AppData\Local\Temp\cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe
"C:\Users\Admin\AppData\Local\Temp\cacd432711786de2479a839f2db701c7a26ea501af73d4dffebea3acb38cb1d1.exe"
1⤵
- Drops file in Program Files directory
PID:332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4092 --field-trial-handle=2276,i,11674642242468042059,14711253743544118298,262144 --variations-seed-version /prefetch:8
1⤵
PID:3812

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3808065738-1666277613-1125846146-1000\desktop.ini.tmp

Filesize
94KB

MD5
9c92f10710d5c8d45d7596d3e615a8e6

SHA1
5d8b6c113ff7b32d6cf50e2f340339bd56bffb68

SHA256
21a6d158fad54c14299a7baf80741e87f2792f3fc1ab139398790ba6f08bc65f

SHA512
ee42dc473080e4ef6da2ccba2c1d87630d8c7d40da7bd69adb9f408552b6407ddbb52a25162b72206562e09d8e6fb9e313e4c234533b7dbbc4f782fee507444c

Download Submit
C:\libsmartscreen.dll.tmp

Filesize
94KB

MD5
a71464c7ef86d064555273a579462ecb

SHA1
79de264b3c928bf7d793543627ffe6da1c3cd747

SHA256
2dd81eade8a3a22706246b4c2eaeb3d744bf1185ccf9adfc21ad2ea09fa9ae3b

SHA512
220a61df42104daaf687d95102dbdd2eabc689c9f0521418db334f5119bd96e1c406261a5cf72b1e1da4a7b1ede450f5bd12fdfbb23b43c29d40e0d44eb6bfe5

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads